ikurni ikurni
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| How do I verify that a private key matches a certificate? | |
| To verify that a private key matches its certificate you need to compare the modulus of the certificate against the modulus of the private key. | |
| Please follow the below command to view the modulus of the certificate. | |
| # openssl x509 -noout -modulus -in server.crt | openssl md5 | |
| Now you will receive the modulus something like a77c7953ea5283056a0c9ad75b274b96 | |
| Please follow the below command to view the modulus of the private key. | |
| # openssl rsa -noout -modulus -in myserver.key | openssl md5 |
ikurni
/ OCP-3.11-AIO-hosts
Created
January 4, 2019 04:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # ansible inventory for OpenShift Container Platform 3.11.16 | |
| # AgnosticD ansible-config: ocp-ha-lab | |
| [OSEv3:vars] | |
| ########################################################################### | |
| ### Ansible Vars | |
| ########################################################################### | |
| timeout=60 |
ikurni
/ Satellite-6.3-Capsule-as-Docker
Last active
January 25, 2019 06:30
Satellite 6.3+ - Use capsule as Docker Repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### To configure Satellite as Docker Repository, it will be depend on how it's set to published at which URL. But for Capsule will use different URL compare to Satellite. To check correct URL for Capsule, so we can pull docker images from Capsule URL directly, do this : | |
| #Go to Directory /var/lib/pulp/published/docker/v2/web/1-xxx-xxx-xxx (xxx represent random name dir generated by Pulp based on content view configuration) | |
| cd /var/lib/pulp/published/docker/v2/web/1-openshift-cv-dr-7a234-12312-1231-3434-3243-4534-2342398704/tags | |
| #Inside the dir, we can find few files in there, but just simply print the tags list | |
| cat list | |
| # {"name": "abc-dr-openshift-cv-docker-registry-openshift:3_ose-deployer", "tags": "["v3.11.51"... output omitted | |
| # |
ikurni
/ kube-advanced-audit.yaml
Created
October 10, 2019 06:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: audit.k8s.io/v1 | |
| kind: Policy | |
| rules: | |
| # The following requests were manually identified as high-volume and low-risk, | |
| # so drop them. | |
| - level: None | |
| users: ["system:kube-proxy"] | |
| verbs: ["watch"] | |
| resources: | |
| - group: "" # core |
ikurni
/ ingresscontroller-operator.yaml
Last active
February 9, 2020 11:41
OCP4-change-default-nodeselector-by-operator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #[root@prodcluster-bastion ~]# oc edit ingresscontrollers.operator.openshift.io/default -n openshift-ingress-operator | |
| apiVersion: operator.openshift.io/v1 | |
| kind: IngressController | |
| metadata: | |
| creationTimestamp: "2020-02-08T08:29:55Z" | |
| finalizers: | |
| - ingresscontroller.operator.openshift.io/finalizer-ingresscontroller | |
| generation: 2 | |
| name: default | |
| namespace: openshift-ingress-operator |
ikurni
/ OCP-4.2-ProxySetup
Last active
October 15, 2020 04:41
Oc command to apply cluster wide proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| oc -n openshift-cluster-version set env deploy cluster-version-operator HTTP_PROXY=http://proxy-server:port HTTPS_PROXY=http://proxy-server:port NO_PROXY=".cluster.local,.company.com,.svc,10.0.0.0/16,10.32.0.0/14,10.36.0.0/16,127.0.0.1,api-int.dc.company.com,etcd-0.dc.company.com,etcd-1.dc.company.com,etcd-2.dc.company.com,localhost" | |
| apiVersion: config.openshift.io/v1 | |
| kind: Proxy | |
| metadata: | |
| name: cluster | |
| spec: | |
| httpProxy: http://proxy-server:port | |
| httpsProxy: http://proxy-server:port | |
| noProxy: .company.com,mirror.openshift.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| srv-host=_etcd-server-ssl._tcp.prodocp.dc.example.com,etcd-0.prodocp.dc.example.com,2380,0,10 | |
| srv-host=_etcd-server-ssl._tcp.prodocp.dc.example.com,etcd-1.prodocp.dc.example.com,2380,0,10 | |
| srv-host=_etcd-server-ssl._tcp.prodocp.dc.example.com,etcd-2.prodocp.dc.example.com,2380,0,10 | |
| ###disable DHCP | |
| no-dhcp-interface= | |
| ###add for dns | |
| no-hosts | |
| addn-hosts=/etc/dnsmasq.hosts |
ikurni
/ ssh-config-ignore-knownhosts
Created
February 11, 2020 15:45
SSH config file to ignore known hosts registration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UserKnownHostsFile=/dev/null | |
| StrictHostKeyChecking=no |
ikurni
/ ssh-config-ignore-knownhosts
Last active
May 17, 2020 06:35
SSH config file to ignore known hosts registration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Put this config on /root/.ssh/config (if ssh as root) ### | |
| UserKnownHostsFile=/dev/null | |
| StrictHostKeyChecking=no |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Pods rollout stuck in waiting for condition, unable mount volume, unable mount secret. Pods are using PVC from vSphere Volume | |
| --> Check VM's advanced config, make sure "disk.EnableUUID = true" is available |